TY - UNPB
T1 - Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks
AU - Naseredini, Amir
AU - Gast, Stefan
AU - Schwarzl, Martin
AU - Bernardo, Pedro Miguel Sousa
AU - Smajic, Amel
AU - Canella, Claudio
AU - Berger, Martin
AU - Gruss, Daniel
PY - 2021/11/24
Y1 - 2021/11/24
N2 - In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.
AB - In this paper, we analyze the security of programming languages and their execution environments (compilers and interpreters) with respect to Spectre attacks. The analysis shows that only 16 out of 42 execution environments have mitigations against at least one Spectre variant, i.e., 26 have no mitigations against any Spectre variant. Using our novel tool Speconnector, we develop Spectre proof-of-concept attacks in 8 programming languages and on code generated by 11 execution environments that were previously not known to be affected. Our results highlight some programming languages that are used to implement security-critical code, but remain entirely unprotected, even three years after the discovery of Spectre.
KW - cs.CR
M3 - Working paper
BT - Systematic Analysis of Programming Languages and Their Execution Environments for Spectre Attacks
ER -